$$\textsc {BotWatcher}$$

Barabosch, Thomas; Dombeck, Adrian; Yakdan, Khaled; Gerhards-Padilla, Elmar

doi:10.1007/978-3-319-26362-5_26

Cited by 2 publications

(2 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Once adversaries have completed Weaponization stage they should find a way to deliver their malicious payload to intended targets [36], [80]- [82]. The most common methods of malicious payload delivery by banking Trojans are email attachments, social engineering and drive by download [17], [20], [23], [31].…”

Section: Deliverymentioning

confidence: 99%

“…The domain name can be dynamically generated by an algorithm (Domain Generation Algorithm) that is known to the attacker and the malware [36], [82]. Unlike cache poisoning this mechanism produces random domain name depending on the algorithm which also creates more polymorphic behaviour of the malware and makes it even stealthier [80], [82]. The difference between this technique and the cache poisoning attack is that in the cache poisoning the malware makes use of the domain cached in victim DNS while in this mechanism the malware produces a random domain name [31].…”

Section: Generated Domain Names;mentioning

confidence: 99%

See 1 more Smart Citation

A cyber kill chain based taxonomy of banking Trojans for evolutionary computational intelligence

Kiwia

Dehghantanha

Choo

et al. 2018

Journal of Computational Science

View full text Add to dashboard Cite

Malware such as banking Trojans are popular with financially-motivated cybercriminals. Detection of banking Trojans remains a challenging task, due to the constant evolution of techniques used to obfuscate and circumvent existing detection and security solutions. Having a malware taxonomy can facilitate the design of mitigation strategies such as those based on evolutionary computational intelligence. Specifically, in this paper, we propose a cyber kill chain based taxonomy of banking Trojans features. This threat intelligence based taxonomy providing a stage-by-stage operational understanding of a cyber-attack, can be highly beneficial to security practitioners and the design of evolutionary computational intelligence on Trojans detection and mitigation strategy. The proposed taxonomy is validated by using a real-world dataset of 127 banking Trojans

show abstract

Section: Deliverymentioning

confidence: 99%

Section: Generated Domain Names;mentioning

confidence: 99%

A cyber kill chain based taxonomy of banking Trojans for evolutionary computational intelligence

Kiwia

Dehghantanha

Choo

et al. 2018

Journal of Computational Science

View full text Add to dashboard Cite

show abstract

Investigation of the Diverse Sleep Behavior of Malware

Oyama

2018

Journal of Information Processing

View full text Add to dashboard Cite

Once malware has infected a system, it may lie dormant (or asleep) to control resource consumption speeds, remain undetected until the time of an attack, and thwart dynamic analysis. Because of their aggressive and abnormal use of sleep behavior, malware programs are expected to exhibit traits that distinguish them from other programs. However, the details of the sleep behavior of real malware are not sufficiently understood, and the diversity of sleep behavior among different malware samples or families is also unclear. In this paper, we discuss the characteristic sleep behavior of recent malware and explore the potential for applying the features of sleep behavior to malware classification. Specifically, we demonstrate that a wide variety of sleeps are executed by a set of malware samples and that sleeps are a promising source of features for distinguishing between different malware samples. Furthermore, we show that applying a learning algorithm to sleep behavior information can result in high classification accuracy and present several examples of typical and rare sleep behaviors observed in the execution of real malware.

show abstract

$$\textsc {BotWatcher}$$

Cited by 2 publications

References 12 publications

A cyber kill chain based taxonomy of banking Trojans for evolutionary computational intelligence

A cyber kill chain based taxonomy of banking Trojans for evolutionary computational intelligence

Investigation of the Diverse Sleep Behavior of Malware

Contact Info

Product

Resources

About